CURRENT AFFAIRS

Get the most updated and recent current affair content on Padhaikaro.com

JPC report on the Personal Data Bill

  • IAS NEXT, Lucknow
  • 24, Nov 2021
Image Not Found

The Joint Parliamentary Committee (JPC) on the Personal Data Protection (PDP) Bill, 2019 has submitted its report.

  • It has retained the controversial exemption clause that allows the Government to keep any of its agencies outside the purview of the law with minor changes.

Key recommendations made:

  • Stricter regulations for social media platforms: The Committee recommended that all social media platforms, which did not act as intermediaries, should be treated as publishers and be held accountable for the content they host, and should be held responsible for the content from unverified accounts on their platforms.
  • It said no social media platform should be allowed to operate unless the parent company handling the technology sets up an office in India and that a statutory media regulatory authority, on the lines of the Press Council of India, may be set up for the regulation of the contents on all such platforms irrespective of the platform where their content is published.
  • Some of the other recommendations of the committee included development of an alternative indigenous financial system for cross-border payments on the lines of Ripple (U.S.) and INSTEX (European Union).
Clause 35– a Controversial provision in the Bill:

Clause 35, in the name of “public order”, “sovereignty”, “friendly relations with foreign states” and “security of the state”, allowed any agency under the Union Government exemption from all or any provisions of the law.

This was one of the widely debated clauses in the panel meetings.

Various suggestions in this regard:

  • The members had argued that “public order” should be removed as a ground for exemption.
  • They had also pressed for “judicial or parliamentary oversight” for granting such exemptions.
  • The members had also suggested that “there should be an order in writing with reasons for exempting a certain agency from the ambit of the Bill”.
  • Some of them had asked that only partial exemption should be given to the agency if needed.

However, none of these suggestions was accepted.

Rationale behind the retention of this clause:

  • A secure nation alone provides the atmosphere which ensures personal liberty and privacy of an individual whereas multiple examples exist where without individual liberty and privacy, national security itself gives rise to autocratic regimes.
  • The report noted that this clause was for “certain legitimate purposes” and also said there was precedent in the form of the reasonable restrictions imposed upon the liberty of an individual, as guaranteed under  Article 19 of the Constitution and  the Puttaswamy judgment.

Concerns raised against certain provisions:

The Bill did not provide adequate safeguards to protect the right to privacy and gave an overboard exemption to the Government. Clause 35 was open to misuse since it gave unqualified powers to the Government.

The Personal Data Protection (PDP) Bill 2019:

The genesis of this Bill lies in the report prepared by a Committee of Experts headed by Justice B.N. Srikrishna.

The committee was constituted by the government in the course of hearings before the Supreme Court in the right to privacy case (Justice K.S. Puttaswamy v. Union of India).

How does the bill seek to regulate data?

The bill constitutes 3 personal information types:

  1. Critical
  2. Sensitive
  3. General

Other Key provisions:

Data principal: As per the bill, it is the individual whose data is being stored and processed.

Social media companies, which are deemed significant data fiduciaries based on factors such as volume and sensitivity of data as well as their turnover, should develop their own user verification mechanism.

  • An independent regulator Data Protection Agency (DPA) will oversee assessments and audits and definition making.
  • Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance and more.
  • The bill also grants individuals the right to data portability, and the ability to access and transfer one’s own data.
  • The right to be forgotten: This right allows an individual to remove consent for data collection and disclosure.